Principal Program Manager, Tech Risk (BC/DR)

Responsibilities

• Lead the enterprise business continuity and disaster recovery program strategy, execution, governance, and ongoing maturity efforts.
• Own and mature the business impact analysis process, including critical business process identification, dependency mapping, ownership assignment, risk-rating methodology, and recovery strategy development.
• Develop and maintain business continuity plans, disaster recovery plans, crisis management processes, and supporting documentation for critical business and technology functions.
• Drive cross-functional execution across Technology, Security, Office Operations, Vendor Management, Enterprise Risk Management, Compliance, and business process owners to ensure continuity and recovery plans are actionable, tested, and maintained.
• Coordinate disaster recovery exercises, tabletop tests, remediation tracking, and evidence collection to improve organizational preparedness and support audit or regulatory expectations.
• Maintain and improve program repositories, workflows, and reporting, including business impact analysis records, recovery plans, testing evidence, program metrics, and remediation status.

Requirements

• Bachelor’s degree in Information Security, Computer Science, Business, Risk Management, or a related field (or equivalent practical experience) + 8 years of experience in business continuity, disaster recovery, operational resilience, information security, risk management, or program management.
• 8+ years of experience leading or materially maturing business continuity, disaster recovery, or operational resilience programs.
• Experience designing or maturing business continuity, disaster recovery, or operational resilience programs in a bank, fintech, lending, or other regulated financial services environment.
• Experience conducting business impact analyses, recovery planning, dependency mapping, resilience testing, and remediation tracking.
• Experience implementing or operating against business continuity, disaster recovery, or operational resilience frameworks or standards such as ISO 22301, NIST, FFIEC, or equivalent regulatory guidance.

Nice-to-Haves

• Knowledge of technology resilience concepts, including cloud infrastructure resilience, service outages, incident response coordination, system dependencies, and vendor recovery planning.
• Experience supporting audits, regulatory reviews, or compliance initiatives related to business continuity, disaster recovery, or operational resilience.
• Skilled in developing scalable operational processes, program governance models, documentation repositories, and executive-level reporting.
• Ability to communicate resilience risks, recovery strategies, and program priorities to technical and non-technical stakeholders.
• Professional certifications such as CBCP, CISSP, CISM, CRISC, or related business continuity, security, or risk certifications.